
Search in the list for all previously installed versions of Java. (J2SE Runtime Environment.... )

It should have this icon next to it:
Select it and click Remove.

The current version can be downloaded from Sun here: http://java.sun.com/javase/downloads/index.jsp Scroll down the page to 'Java Runtime Environment (JRE) 5.0 Update 8' and press the 'Download' button. On the new web page, click the 'Accept License Agreement' button. Then select 'Windows Offline Installation, Multi-language' in the Windows Platform area just below the Accept button.

======

* Download Roguescanfix. Download it to your desktop.
* Double-click roguescanfix_setup.exe.
* Select the language setup and click OK.
* Proceed with the installation. Make sure the 'Start Roguescanfix' is checked.
* Once you click Finish, it will start the fix.

Note: This tool needs an internet connection because it downloads an additional file to let the tool work properly. If your firewall gives an alert, allow it instead of blocking it. In case you still get the message BFU.exe is not present, download BFU.zip from here. Unzip it and place BFU.exe in the Roguescanfix folder, present in your Program Files folder. Then double-click Roguescanfix.bat.

When you start roguescanfix.bat you'll see a menu:
1. Run Roguescanfix
2. Run sharedtasksrem

The tool will uninstall some programs and delete related files and registry keys. When some files won't get deleted, it will ask you to reboot your system to delete the files after reboot. Please make sure the uninstall of the programs is finished before you click Yes to reboot. Post the log (task.txt) that will open in your next reply. (task.txt will be present in folder Program Files\Roguescanfix)

======

Open HijackThis
- Click the Config... button, then go to the Misc Tools section.
- Click on Open Uninstall Manager. You'll see a list of programs.
- Click on Save List...

The file "uninstall_list.txt" will be created. Copy and paste the contents of this file to your next reply.

======

Post back with the following (note that you may need more than one reply to get it all in):
- task.txt
- Uninstall list
- New HijackThis log

Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.

Sorry it took me so long to reply back to you. This is my parents' computer, and I'm just trying to help them through all this, so if it takes me a couple of days to get back to you, that is why. Please be patient with me, I'll be eternally grateful!!!!! O.k., please see the following information that you requested:

Hello dpalma,
Don't worry about taking a long time to reply, I'll be here for when you're ready.

======

You have Viewpoint Manager installed on your PC. Viewpoint components are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player’s components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting "Disable auto-updating for the Viewpoint Manager", the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.

To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.

I recommend that you remove the Viewpoint products; please uninstall all references to Viewpoint in your Add/Remove Programs list.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

======

Please post back with the log created,
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

I am Soooooooo sorry about that. I guess it would have helped had I read the whole message. Also, I forgot to mention to you earlier, please don't be upset with me, but when my parents first got this computer, my brother, the amateur genius he thinks he is, split the hard drive into two. One is named "twins" and the other "piglet". I don't know if this matters at all with our situation with this computer or not, or if you even needed to know, but just thought I would run that past ya! Thanks again for all your help!!!!! I'll be waiting on your next request. Until next time.....

Go to Start | Control Panel | Add/Remove Programs and remove the following (if they exist):

Ultimate Defender

This is a rogue Security Program, that purports to scan and detect malware or other problems on the computer, but which attempts to dupe or badger users into purchasing the program by presenting the user with intrusive, deceptive warnings and/or false, misleading scan results. Rogue Security Programs typically use aggressive, deceptive advertising and may be installed without adequate notice and consent, often through exploits. For more information, see here.

======

Scan again with HijackThis and put a checkmark next to each of the following entries (if present):